What are tombstone objects?

A. Because of Windows 2000’s and Active Directory’s (AD’s) complex replication, if you simply delete an object, Win2K’s replication algorithm might recreate the object at the next replication interval. Thus, AD marks deleted objects with tombstones.

Win2K deletes tombstone objects 60 days after their original tombstone status setting. To change this default time (which I don’t recommend), modify the tombstonelifetime setting under the cd=DirectoryServices,cn=WindowsNT,cn=Services,cn=Configuration,dc=DomainName parameter.